CHAPTER 12 Scheduling and Securing Deployed Reports and Data Sources

Chapter summary

  • Reporting Services has two main role types: item-level roles and system-level roles.These roles can be customized to meet your particular security requirements.
  • Item-level roles handle the security of the object contained within the hierarchicalnamespace of report objects in Reporting Services, whereas system-level roles handlethe objects and operations outside the hierarchy.
  • My Reports functionality allows users to have private space to work with their ownreports, without the need for high privileges in public folders. My Reports is disabledby default.
  • Shared schedules are easier to maintain than report-specific schedules. Shared schedulesgive more control to an administrator.
  • End users can subscribe to reports.
  • To execute reports automatically on a schedule, you must store credentials for connectingto data sources in your report server database.
  • You can quickly create multiple subscriptions with different properties by using a datadrivensubscription.
  • Reporting Services lets you improve report performance by using cached reports andreport snapshots.
  • Data sources represent access to data repositories. Credentials can be predefined andset to apply to everyone who accesses a report, or they can be defined at run time.

Lesson 1: Administering SSRS Item-Level Permissions and Site Security Roles

1. What types of roles are available in SSRS 2008, and what are their purposes?

Item-level roles and system-level roles are the two types of roles available in SSRS 2008. An item-level role is a collection of tasks related to operations on an object of the report object hierarchy of SSRS 2008. A system-level role is a collection of tasks related to operations on server objects outside the report object hierarchy of SSRS 2008.

2. Can a user or group belong to more than one item-level or system-level role?

yes, in SSRS 2008, a user or group can have more than one association to a system-level or an item-level role.

3. When storing the credentials of a data source in the server, are those credentials safe?

yes, the data source credentials are safe because Reporting Services encrypts them and stores them in the ReportServer SQL Server

Lesson 2: Creating Report Schedules and Subscriptions

1. What happens if you do not specify a parameter value in a subscription and the parameter does not have a default value?

If you do not specify a parameter value in a subscription and the parameter does not have a default value, the execution of the report will fail.

2. you want to create a subscription to a report. However, when you right-click the Subscription subfolder of the report, you notice that the new Subscription option is dimmed. What is wrong?

When the new Subscription option is dimmed, the report probably does not use stored credentials for accessing the data. SSRS needs these credentials stored in its own ReportServer database to execute a report on a schedule.

3. What can you do if your query with properties for a data-driven subscription does not provide values for all of the subscription properties?

If your query with properties for a data-driven subscription does not provide values for all of the subscription properties, you can use text and default values instead. These values are then used for parameters of all subscriptions you get from the

Lesson 3: Managing Report Caching and Execution Properties in Report Manager

1. What mechanisms do you identify to reduce the overhead of Reporting Services data sources?

Snapshots and cached reports can help reduce the processing pressure on data sources and improve report response time.

2. Can you always create a cache of a report?

no, you can create a cache of a report only when certain requirements, such as having credentials stored in the Report Server, are met.

3. Can you edit the .rdl code associated with a linked report?

no, because a linked report has no .rdl code of its own. It refers to the .rdl code of the base report.

Managing the Report Environment for Adventure Works

Case scenario

Reporting Services has been deployed in Adventure Works, and multiple departments are requesting access to the new server. However, some employees need to access reports from departments other than their own. At the same time, some users from the call center require the flexibility to create reports based on their customers. Adventure Works uses a mixed database environment, with most applications running on SQL Server 2008 but some running on Oracle.

  1. What is the general security infrastructure required to support the reporting needs of the Adventure Works departments and employees?
  2. From a data source security standpoint, how can you satisfy the requirements to access both Oracle and SQL Server from Reporting Services?


1. In general, because item-level roles are cumulative, for each department’s folder, you can assign the Browser role to the Active Directory group that represents the employees of each division. Additionally, you can add the Browser role to each person who needs access to more than one department’s folder.

2. To allow access to the Oracle databases, you will need to define a user with low-level privileges and store the credentials for that user in Report Server. For the SQL Server databases, given the fact that Adventure Works uses a Windows domain, you can enable Kerberos and use the Integrated Windows Authentication mechanism.